Android phones at risk: PromptSpy malware exploits AI
Generative AI helps malware adapt to different screens and prevent easy removal
Security researchers have discovered a new Android malware operation called PromptSpy, which uses Google Gemini AI to keep itself running on infected devices. ESET first observed the malware in February 2026. It can adapt to different OS versions and device layouts, which makes it harder for users to remove.
The malware primarily targets Argentine users through phishing websites that impersonate banks to distribute the malicious software.
How does PromptSpy use AI?
PromptSpy uses Gemini AI to analyse the device’s current screen and provide step-by-step tap and swipe instructions, keeping the malicious app pinned in the Recent Apps list. “Leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, greatly expanding the pool of potential victims,” the ESET report says.
Instead of relying on fixed coordinates, the AI receives an XML screen dump and responds with JSON instructions for the malware.
The malware includes a VNC module for full remote control, abuses Android Accessibility Services to block removal, records lockscreen data, and captures video. It communicates with its C2 server via encrypted channels and can overlay invisible elements over uninstall buttons to prevent deletion.
PromptSpy is delivered via a dropper through dedicated phishing websites, rather than Google Play, and is thought to originate from a Chinese-speaking environment based on code analysis.
PromptSpy represents a new evolution in malware, demonstrating how generative AI can make attacks more dynamic and resilient. By adapting in real time to different interfaces, it increases the difficulty of removal and enhances the impact of the attack.
“PromptSpy is an early example of generative AI-powered Android malware, illustrating how quickly attackers misuse AI tools,” ESET concludes. Users are advised to avoid suspicious websites and rely on security solutions such as Google Play Protect to block known variants.